There is an exploitation method that can automatically forward emails CC’d to external addresses via an Outlook Desktop rule, even when this action is prevented on the corporate Exchange server. This can be a serious data exfiltration risk allowing post-exploitation persistence in a previously breached account. The legitimate email account owner is highly likely to be unaware of the creation of this rule.
Organizations face a growing threat from cybercriminals while struggling to find qualified security professionals who can protect their infrastructure and sensitive data. This blog will explore the concept of a Security Operations Center (SOC) and the role of SOC analysts in securing your organization. We will also discuss how your organization can leverage automation to improve SOC effectiveness and fill in the gaps when you cannot support a full staff of security professionals.
Detectify ranks as a Leader in Website Security, a category for tools designed to protect business websites from Internet-based threats. This recognition is awarded after factoring in social, web, employee, and review data that G2 has deemed influential in Detectify’s momentum. Besides ranking #1 on the Website Security podium, Detectify holds the first position in Alerting.
Sysdig has validated its security, monitoring, and compliance capabilities with multiple Azure-related services. The latest is Microsoft Sentinel, a SIEM(Security Information and Event Management) solution on Azure that works really well with Sysdig’s cloud workload protection capabilities. Sysdig and Microsoft have a common goal of helping customers ship cloud apps faster by helping them see more, secure more, and save time in troubleshooting deployed microservices.
This week, at HashiConf 2022, Snyk was recognized by HashiCorp as the winner of the 2022 Collaboration Technology Partner of the Year award. Carey Stanton, Snyk’s Senior Vice President of Business Development, was in Los Angeles and accepted the award on stage at HashiConf. Snyk is honored to be named HashiCorp’s 2022 Technology Partner of the Year for Collaboration.
Today we’re announcing support for SPNEGO-based Kerberos and NTLM proxy authentication protocol support in Snyk CLI for Windows, with support for other operating systems coming shortly.
Remember Log4j? Arbitrary code execution bugs are more common than you think, even in memory-safe languages, like Java. Learn how to find these vulnerabilities with fuzzing. Arbitrary code execution vulnerabilities represent one of the most dangerous classes of vulnerabilities in Java applications. Incidents such as Log4Shell clearly demonstrate the impact of these security issues, even in memory-safe languages. They also show that fuzzing can be very effective in finding these vulnerabilities.
In late August, a technology provider that offers student loan account management and payment services submitted a breach notice indicating that a compromise detected on July 22 exposed 2.5 million individuals’ data, including their names, contact information, and social security numbers. At present, neither the breach notice nor subsequent reporting have provided detailed insights into the nature of the breach, noting only that it likely began in June and continued until July 22.
When it comes to building secure cloud-native applications, the baseline is choosing a secure container image. Docker defines a container as “a standard unit of software that packages up code and all its dependencies, so the application runs quickly and reliably from one computing environment to another.” The problem is, they’re often a pain point for many developers.
